Prudential regulatory governance of the risks associated with IT multi-sourcing strategies within the Australian banking sector

Prudential regulatory governance of the risks associated with IT multi-sourcing strategies within the Australian banking sector

Concerns about the adequacy of the Australian Prudential Regulatory Authority (APRA) prudential standards to govern the risks associated with the Australian banks’ multi-sourcing IT service delivery strategies provided the motivation for conducting this study. Three research questions were developed to investigate prudential risk management in the banking sector of the Australian Financial Services Industry (AFSI). RQ1: Do the banks employ complex multi-sourcing solutions driven by business unit demands to deliver their IT services? RQ2: What are the risk and governance model/s used by the banks to manage risks associated with their IT services multi-sourcing strategy? RQ3: Is the AFSI IT operational risk exposure adequately covered by the current APRA risk framework and prudential standards?

The two largest Australian banks, Commonwealth Bank of Australia (CBA) and Westpac Banking Corporation (WBC) referred to as the ‘banks’ in this research are selected as the sample. CBA and WBC are the first and second largest banks when measured by capitalisation within the banking sector of the AFSI and represent 43 percent sample of the capitalisation value of the AFSI. Although profitable, the banks are under pressure from the market to reduce their cost-to-revenue ratio. One of the main strategies the banks employ to reduce IT costs is the outsourcing the delivery of IT services.

Over the past five years a trend has evolved with the banks using offshore-outsourcing to deliver IT services and gain further IT savings. However little empirical research has investigated what impact this trend has had on the risk profile of the banks and the Australian banking sector as a whole. This research identified and investigated the different IT services delivery models adopted by the banks by analysing on the relevant literature and documentation available in the public domain in relation to the AFSI. The findings of this research developed a picture of the IT delivery landscape within the banking sector of the AFSI. Findings of this research also demonstrates the complexity of the banks operational environment which can be attributed to the banks’ introduction of their IT multi-sourcing strategies. Finally the findings of this research raise some questions about whether the risks associated with an increasing reliance on IT multi-sourcing to deliver IT services is adequately managed by Australian banking sector and the regulatory framework of APRA.